Fuzzing is an automated method for finding bugs in software: a fuzzer feeds a target program large numbers of malformed or unexpected inputs and watches for crashes, hangs and memory errors. Crashing the application is the point rather than a side effect, since each crash is a candidate bug. Fuzzing is especially effective at discovering memory corruption bugs, which often have serious security implications because they can be exploitable.
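As an added example, not code from the original article or from ClusterFuzz itself, the block below shows what a fuzz target looks like in the libFuzzer form that ClusterFuzz and OSS-Fuzz consume. The record format, the parser, its length-check bug and the USE_LIBFUZZER and USE_VULNERABLE_PARSER macros are all constructed for illustration; LLVMFuzzerTestOneInput is the real libFuzzer entry point.

```c
// Added example (not from the original article or from ClusterFuzz): a
// libFuzzer-style fuzz target with a constructed memory-corruption bug beside
// its hardened form. Record format, parser, bug and macros are illustrative.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16

// Constructed wire format: [len:1][name:len][value:1]. A hostile len (> 16)
// is exactly the kind of "unexpected input" a fuzzer produces quickly.
struct record {
    char name[NAME_MAX_LEN];
    uint8_t value;
};

// Deliberately vulnerable: trusts the length byte. len in 17..255 overflows
// rec->name; built with AddressSanitizer this is reported as a
// stack-buffer-overflow (or heap-buffer-overflow, depending on where rec lives).
int parse_record_vuln(const uint8_t *data, size_t size, struct record *rec) {
    if (size < 2) return -1;
    size_t len = data[0];
    if (size < 1 + len + 1) return -1;   // truncated input is rejected
    memcpy(rec->name, data + 1, len);    // BUG: no check against NAME_MAX_LEN
    rec->value = data[1 + len];
    return 0;
}

// Hardened form: the bounds check the fuzzer would have forced you to add.
int parse_record_fixed(const uint8_t *data, size_t size, struct record *rec) {
    if (size < 2) return -1;
    size_t len = data[0];
    if (len > NAME_MAX_LEN) return -2;   // oversized name is rejected
    if (size < 1 + len + 1) return -1;
    memset(rec->name, 0, sizeof rec->name);
    memcpy(rec->name, data + 1, len);
    rec->value = data[1 + len];
    return 0;
}

// libFuzzer entry point: the fuzzing engine calls this with mutated inputs;
// anything the sanitizer flags becomes a crash with the input saved as a
// reproducer, which is what ClusterFuzz then triages and reports.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    struct record rec;
#ifdef USE_VULNERABLE_PARSER
    parse_record_vuln(data, size, &rec);
#else
    parse_record_fixed(data, size, &rec);
#endif
    return 0;
}

#ifndef USE_LIBFUZZER
// Stand-alone reproducer driver (USE_LIBFUZZER is an assumed macro; libFuzzer
// supplies its own main, so this one is left out of fuzzing builds). It feeds
// one file, or a constructed sample, through the target, which is how a saved
// crash testcase is replayed to confirm it still reproduces.
int main(int argc, char **argv) {
    uint8_t buf[4096];
    size_t n;
    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    } else {
        // Constructed sample: len=4, name "host", value 0x2a.
        static const uint8_t sample[] = { 4, 'h', 'o', 's', 't', 0x2a };
        memcpy(buf, sample, sizeof sample);
        n = sizeof sample;
    }
    LLVMFuzzerTestOneInput(buf, n);
    puts("no crash");
    return 0;
}
#endif
```

To fuzz the vulnerable parser: `clang -g -O1 -fsanitize=fuzzer,address -DUSE_LIBFUZZER -DUSE_VULNERABLE_PARSER target.c -o target && ./target`. libFuzzer typically finds a length byte above 16 within seconds and ASan writes the offending input to a crash file; dropping -DUSE_VULNERABLE_PARSER runs the hardened parser, which rejects the same inputs instead of overflowing.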

Fuzzing at scale

For fuzzing to be truly effective, though, it must be continuous, run at scale and integrated into a software project's development process. This is why Google built ClusterFuzz, which it runs on more than 25,000 cores.

ClusterFuzz provides end-to-end automation: it detects crashes, triages them (deduplicating crashes and minimising the reproducing test case), files bug reports, and closes those reports automatically once the crash no longer reproduces after a fix.

In addition to finding bugs in Chrome, Google's tool has discovered 11,000 bugs in over 160 open-source projects that use OSS-Fuzz, the service that runs ClusterFuzz against open-source code.

Fuzzing has grown in popularity recently because more and more software testing and deployment is automated, which makes it natural to run fuzzers continuously alongside the rest of a project's automated checks.

ClusterFuzz is now available on Google's GitHub repository, and the company has provided detailed instructions for developers who want to use it to integrate fuzzing into their workflows. It can be run locally to evaluate it or deployed on Google Cloud for fuzzing at scale; projects that are open source can instead integrate with OSS-Fuzz and let Google's infrastructure run ClusterFuzz for them.